← Back to Home
Legal

Privacy Policy

Effective date: April 11, 2026 · Last updated: April 11, 2026

1. Overview

Pride N Purpose Secure ("we", "our", or "the platform") is a personal developer security tool. This Privacy Policy explains what information we collect, how we use it, and how it is protected. By using Pride N Purpose Secure, you agree to the practices described here.

2. Information We Collect

Account Information

When you register, we collect your name, email address, and a hashed password. If you sign in with Google OAuth, we receive your name and email address from Google in accordance with Google's privacy policy.

Vault Data

All secrets, credentials, API keys, passwords, and other data you store in the Vault are encrypted at rest using AES-256-GCM before being written to the database. We cannot read your vault contents — only you can decrypt them with your authenticated session.

Session Data

We store session tokens in secure, HttpOnly cookies to keep you signed in. Sessions expire automatically and can be terminated from your settings page.

Security Logs

We may log authentication events (sign-in attempts, 2FA usage) for security purposes. These logs do not contain vault contents.

3. How We Use Your Information

  • To authenticate you and maintain your session
  • To store and retrieve your encrypted vault data
  • To send account-related emails (password reset, verification) if applicable
  • To operate and improve the platform

We do not sell, rent, or share your personal information or vault data with any third parties for marketing or commercial purposes.

4. Data Security

We take data security seriously:

  • Encryption at rest: All vault field values are encrypted using AES-256-GCM with a server-side key before storage.
  • Encryption in transit: All communication between your browser and our servers uses HTTPS/TLS.
  • Password hashing: Account passwords are hashed using bcrypt before storage and are never readable.
  • Two-factor authentication: We support TOTP-based 2FA to add an additional layer of account security.

Despite these measures, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

5. Data Retention

Your data is retained for as long as your account is active. If you delete your account, all associated vault data, categories, items, and account information are permanently deleted from our database. Some residual data may remain in encrypted database backups for a limited time.

6. Third-Party Services

We use the following third-party services to operate the platform:

  • Railway — cloud database hosting for PostgreSQL
  • Google OAuth — optional sign-in via your Google account

These providers have their own privacy policies. We share only the minimum necessary information with each.

7. Your Rights

You have the right to access, export, correct, or delete your account and vault data at any time. To request data deletion or export, contact us or delete your account directly from the settings page.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top of this page. Continued use of the platform after changes constitutes acceptance of the updated policy.

9. Contact

If you have questions about this Privacy Policy or how your data is handled, please reach out through the platform's GitHub repository or official contact channels.